Formidable Forms
Strategy11 Team
Developer
6.29
Latest version
300,000
Installations
No date
Last updated
Vulnerability history
0 present
25 patched
4 Mitigation rules
- Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability<= 6.2813/03/2026
- Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability<= 6.2813/03/2026
- HTML Injection vulnerability<= 6.718/02/2026
- Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability<= 6.16.1.222/11/2024
- Admin+ Stored XSS vulnerability< 6.14.121/11/2024
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 6.11.131/07/2024
- Content Injection vulnerability<= 6.731/01/2024
- Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability<= 6.7.229/01/2024
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 6.709/01/2024
- Auth. Remote Code Execution (RCE) vulnerability< 6.3.127/06/2023
- Unauth. PHP Object Injection vulnerability<= 6.1.207/04/2023
- IP Spoofing vulnerability< 6.113/03/2023
- Broken Access Control vulnerability<= 5.5.403/02/2023
- Cross Site Request Forgery (CSRF)<= 5.5.602/02/2023
- Cross-Site Request Forgery vulnerability<= 5.5.421/12/2022
- Authenticated (Admin+) Server-Side Request Forgery vulnerability<= 5.5.421/12/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 5.0.0613/10/2021
- Stored Cross-Site Scripting (XSS) vulnerability<= 4.09.0428/01/2021
- Unsafe Deserialisation vulnerability<= 4.0209/08/2019
- SQL Injection (SQLi) vulnerability<= 2.05.0220/11/2017
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 2.05.0220/11/2017
- Multiple vulnerabilities<= 2.05.0220/11/2017
- Remote Code Execution<= 1.06.0329/01/2016
- Unspecified Vulnerabilities<= 1.06.0829/01/2016
- Blind SQL Injection<= 1.07.1129/01/2016